PatchSiren cyber security CVE debrief
CVE-2026-45173 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45173 is a HIGH severity vulnerability in Idiria Identity Browser Extension versions prior to 26.8.1. The vulnerability exhibits an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session.
- Vendor
- CyberArk Software, a Palo Alto Networks Company
- Product
- Identity Browser Extensions
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-12
Who should care
Users of Idiria Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability has a CVSS score of 8.4 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber.
Defensive priority
HIGH
Recommended defensive actions
- Update Idiria Identity Browser Extension to version 26.8.1 or later.
- Be cautious when navigating to untrusted webpages, especially when authenticated.
Evidence notes
The vulnerability is described in CyberArk Security Bulletin: CA26-21.
Official resources
-
CVE-2026-45173 CVE record
CVE.org
-
CVE-2026-45173 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-45173 was published on 2026-06-11T22:16:57.470Z and modified on 2026-06-12T15:30:26.567Z.